In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172670415
CWE-862
CVE-2022-4872
The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to ‘no’
CVE-2022-48166
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
CVE-2022-47341
In engineermode services, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.
CVE-2022-47358
In log service, there is a missing permission check. This could lead to local denial of service in log service.
CVE-2022-47361
In firewall service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.